Questions tagged [diffusion]

Diffusion refers to the property of an encryption primitive that small changes in the plaintext result in big changes in the ciphertext and vice-versa.

46 questions
19
votes
1 answer

Understanding the wide trail design strategy

I am trying to understand the wide trail design strategy. I have read the paper (paywall-free preprint) which describes it from the point of view of AES. From what I understand, it is a technique to increase diffusion in a particular way to resist…
10
votes
1 answer

How does AES introduce confusion and diffusion?

I know that in AES the shift-rows and mix-columns operations introduce diffusion, but I don't understand how they create diffusion. Also, I know the add-round-key operation creates confusion, but I don't understand how it creates confusion by simply…
user40191
9
votes
1 answer

How 2 rounds in AES achieve full diffusion?

I have read somewhere that 2 rounds in AES provide full diffusion. So I looked it up to find out what it exactly meant. In The Design of Rijndael page 41, section 3.5 and it states that: Two rounds of Rijndael provide 'full diffusion' in the…
Anton Paragas
7
votes
1 answer

Confusion and Diffusion in the AES functions

I am pondering, how each of the four functions that a full AES round does consist of (Add Round Key, Substitute Bytes, Shift Rows and Mix Columns) add to the confusion and diffusion of the full AES. My understanding would be Add Round Key:…
mat
6
votes
2 answers

Encrypt-Mix-Encrypt: Full Diffusion?

I've read "A Parallelizable Enciphering Mode" by Halevi and Rogaway about the encrypt-mix-encrypt mode for ciphers and was asking myself if this mode provides "full" diffusion. So if an attacker alters one bit of the ciphertext, how many bits (all?)…
SEJPM
5
votes
0 answers

Effect of block size on diffusion rate

I've always been under the belief that larger block sizes require more rounds to achieve full diffusion. Rijndael, SPECK, and SIMON, for example, have a round multiplier based on the block size. The idea that a larger block size also necessitates…
forest
5
votes
2 answers

Early propagation of carries in the BLAKE hash function

The BLAKE paper uses round constants derived from $\pi$ to improve diffusion, even if the additions modulo $2^{32}$ are replaced with bitwise XOR when processing a null message and null initial state: The higher weight in the original model is due…
forest
5
votes
1 answer

Full diffusion or Partial diffusion between s-box applications?

In regards to maximizing active s-boxes: is it advantageous to apply the non-linear layer after complete diffusion of the state, rather than after partial diffusion? Using AES as an example, with the well known mixColumns and shiftRows…
Ella Rose
4
votes
2 answers

Which sub operation is more expensive in the AES encryption process?

In the AES encryption process, there are various sub-operations, like SubByte, MixColumns, ARK etc. My question is which of these operations is more expensive? In a video lecture by Dan Boneh, it is mentioned that the lookup table implementation of…
Radium
4
votes
0 answers

How to decide which diffusion scheme is better for a block cipher design

There are several schemes that can be used to achieve the diffusion property in a block cipher. Schemes include MDS code, Bit permutation, Byte/ Nibble permutation, Diffusion Matrix, Diffusion Switching Mechanism. The amount of diffusion offered by…
Radium
4
votes
2 answers

Does the One Time Pad rely on confusion or diffusion?

From what I could research, XORing a random key adds confusion. But I do not understand the rationale for that classification. Shannon's confusion is supposed to obscure the relationship between the ciphertext and key, but the OTP clearly does not do…
wmnorth
3
votes
2 answers

Why is confusion and diffusion never talked about in asymmetric crypto?

While talking about symmetric encryption schemes like AES we always have a goal of achieving confusion and diffusion. But when it comes to asymmetric encryption schemes like RSA, DH etc. we never talk about diffusion and confusion. Is it known that…
3
votes
0 answers

AES: Why ShiftRows() before MixColumns()?

In the above picture you can see an AES state array over 2 rounds through the S- and P-Boxes of AES. It's taken from here and intends to show how 2 rounds of transformation are necessary to achieve full diffusion after only the first byte has…
Andy Ef
3
votes
1 answer

Prove the branch of number of Advanced Encryption Standard

In the Advanced Encryption Standard (AES) document: page 27 section 7.3.1, it defines branch number. It said "Let F be a linear transformation acting on byte vectors and let the byte weight of a vector be the number of nonzero bytes. The…
Rikeijin
3
votes
1 answer

Ascon design - Sbox as sole diffusion mechanism?

Ascon has an interesting state construction where linear diffusion only occurs within words and the only non-linearity serves as also the only diffusion between words: As far as I know it's the only standardized cipher where an s-box serves as the…